Email Spams On My own Email Address

cripperz

Hi all,

I have been facing some problems with my email recently. I have been receiving spam emails from [email protected] which are sent to [email protected] as recipient. I haven't had this problem for quite some time until recently. Just a quick background: [email protected] is just a forwarding address to multiple email accounts that have an inbox / user in DirectAdmin.

Can someone advise how I can go about fixing this? I am using Ubuntu 8.04 LTS on the latest DirectAdmin, with updated exim, dovecot, etc. Using custombuild 1.2 at the moment.

Please help.
 
You cannot stop a spammer from faking your email address.
 
What you can do is log in to your DirectAdmin user account and check the SPAM Filters, which will allow you to block mail from any email address or even any domain. The problem, of course, is that you can then never send email to yourself using any other server besides your own. We don't recommend it, but several of our clients use it.

Jeff
 
Unless I'm missing something this uses the same key for all emails. If so, then a spammer could easily learn it and start using it.

Jeff
 
That is not correct. Every outgoing mail has a key based on the one written in your exim.conf. Give it a try:

Using SpamBlocker 3.2.4 RC:
Code:
BATVKEY = sometext
.
.
.
#IN ACLs
acl_check_recipient:

# Bounces must only be returned to one recipient.
deny message = bounce messages must contain only one RCPT
	senders = :
	condition = ${if >{$rcpt_count}{1}}
# Empty sender (a bounce) to prvs address, check signature.
deny message = invalid or expired BATV signature
	senders = :
	control = caseful_local_part
	condition = ${prvscheck {$local_part@$domain}{BATVKEY}{1}}
	!condition = $prvscheck_result
	control = caselower_local_part
.
.
.

acl_check_message:

# If this message is a true bounce (i.e. made it to DATA), and not just a
# callout, require that the recipient not be unsigned.
deny message = bounce messages must be returned to a BATV signed address
	senders = :
	!condition = ${prvscheck {$recipients}{BATVKEY}{true}}

.
.
.
#IN ROUTERS
begin routers

lookuphost:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = 127.0.0.0/8
  condition = "${perl{check_limits}}"
  transport = remote_smtp
  no_more

# This router removes the BATV signature to return the original recipient
# address.
batv_redirect:
	driver = redirect
	data = ${prvscheck {$local_part@$domain}{BATVKEY}}

.
.
.
#IN TRANSPORTS
# This transport is used for delivering messages over SMTP connections.
remote_smtp:
  driver = smtp
  return_path = ${if match_address{$return_path}{*@*} {${prvs {$return_path} {BATVKEY}}} fail }
 
Does it work?

How does it handle emails it doesn't accept?

Does it implement on stock version of exim without changes?

How does it check the key? How does it know?

Do my homework for me :).

Thanks!

Jeff
 
It works for me and I'm using exim 4.7 now. I have used it since exim 4.6.

Basically it does three things:

1. If we're sending mail from a protected address such as [email protected], it rewrites the return-path to some magically generated address instead:
Return-Path: [email protected]

2. If we receive a bounce (empty reverse-path) addressed to one of those magically generated addresses, it rewrites the destination back to the original [email protected] using a router (batv_redirect).

3. Finally, if we receive a bounce addressed to the original protected address ([email protected]), it rejects it if you want, since it is ACL based.

For the rest of the questions, you can read the BATV draft at:
http://mipassoc.org/batv/draft-levine-smtp-batv-01.html
 
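The three steps in the post above (sign the return-path on the way out, accept and unwrap bounces that carry a valid signature, refuse bounces to the bare address), written as a simplified model of a prvs tag: key number, expiry day, and a truncated HMAC-SHA1 over the address. This is an added example, not part of the original post and not Exim's or SpamBlocker's code; the key, address, clock value and function names are constructed for illustration, and the exact bytes Exim hashes may differ.

```python
import hashlib, hmac, re

DAY = 86400
# Constructed sample values, not taken from the thread.
KEY = b"constructed-demo-key"
SENDER = "alice@example.test"
NOW = 1_700_000_000  # fixed clock so the run is repeatable

PRVS_RE = re.compile(r"prvs=([0-9])([0-9]{3})([0-9a-f]{6})=(.+@.+)")

def _tag(key, key_num, day, address):
    """K DDD SSSSSS: key number, expiry day mod 1000, first 3 HMAC-SHA1 bytes in hex."""
    prefix = f"{key_num}{day:03d}"
    mac = hmac.new(key, (prefix + address).encode(), hashlib.sha1).digest()
    return prefix + mac[:3].hex()

def prvs_sign(address, key, now, key_num=0, lifetime_days=7):
    """Step 1: rewrite the envelope sender of outgoing mail."""
    day = (int(now) // DAY + lifetime_days) % 1000
    return f"prvs={_tag(key, key_num, day, address)}={address}"

def prvs_check(rcpt, key, now, lifetime_days=7):
    """Steps 2 and 3: return the original address for a valid bounce recipient, else None."""
    m = PRVS_RE.fullmatch(rcpt)
    if m is None:
        return None  # unsigned recipient: a bounce to it was not caused by our mail
    key_num, day, address = int(m.group(1)), int(m.group(2)), m.group(4)
    if not hmac.compare_digest(_tag(key, key_num, day, address), rcpt[5:15]):
        return None  # tag was not produced with our key for this exact address
    today = (int(now) // DAY) % 1000
    if (day - today) % 1000 > lifetime_days:
        return None  # expired: a harvested tag only replays until its expiry day
    return address

if __name__ == "__main__":
    signed = prvs_sign(SENDER, KEY, NOW)
    print(signed)                                   # signed return-path
    print(prvs_check(signed, KEY, NOW))             # genuine bounce: original address
    print(prvs_check(SENDER, KEY, NOW))             # bounce to bare address: None
    print(prvs_check(signed, KEY, NOW + 8 * DAY))   # after expiry: None
```

The key is the same for every message, but the tag also covers the address and an expiry day, so a signed address seen in the wild is only accepted for that one address until it expires.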
Is it better than my quick and easy new default in the current SpamBlocker Technology powered exim.conf file RC?

Well, BATV is very easy to implement in your config and will complement it a little more.

This is not the thread to discuss it, but I think that implementing DKIM (exim 4.7) in your SpamBlocker, like you did with SpamAssassin, would be great and is more important than BATV. If you want, I can download your latest version and modify your config with these features.

Greetz
 
I thought exim had to be recompiled as well to include dkim. I did not think it was a simple configuration change.
 
@WINeOS:

I believe Floyd is correct. Which means that the change would have to be made by DirectAdmin in how Exim is managed; then it could be supported by the exim.conf file.

Feel free to download my latest exim.conf beta, make changes you think would be helpful, and let me know where I can download a copy (ftp or httpd) and I'll be happy to look at your suggested changes.

Jeff
 
I thought exim had to be recompiled as well to include dkim. I did not think it was a simple configuration change.
I believe this is not true. Grep your mainlog file and you should see some DKIM verifications being performed.
Simple verification is simple to do and the possibilities are pretty much endless.
 
4.67. I guess that is the problem. Let me see if there is an rpm to upgrade.
 